bridge relays and bridge directories
Roger Dingledine
arma at mit.edu
Thu May 29 19:37:22 UTC 2008
On Thu, May 29, 2008 at 12:26:00PM -0700, Wesley Kenzie wrote:
> I am having problems fully understanding bridges and would appreciate some
> guidance or pointers to where I can learn more.
https://www.torproject.org/svn/trunk/doc/spec/proposals/125-bridges.txt
> If I set "UseBridges" for my Tor client to 1, can I specify any relay(s) in
> the "Bridge" configuration setting, or must I only specify a relay that is
> expecting to be used as a bridge?
Any relay will work there, but relays that are configured to be bridges
will work best. See above url. ("It's complicated").
> If I set "UpdateBridgesFromAuthority" for my Tor client to 1, I understand
> that bridge authorities are used, but how can I determine which nodes are
> acting as bridge authorities? Maybe I don't trust 1 or more of them.
Fortunately for you, there's only one default bridge authority
currently. Let's hope you trust it.
(We need to come up with a design where we can handle more than one --
but we can't just spread all the bridge info onto every bridge authority,
because that just makes n single points of failure for an attacker trying
to learn bridges.)
> If I set "BridgeRelay" for my Tor server to 1, then must I have an
> "ExitPolicy" to accept at least 1 port or 1 IP address/range? If ExitPolicy
> is reject *:* does this mean the bridge relay will not work?
No, you're confusing ExitPolicy with ExtendPolicy. (And ExtendPolicy
doesn't exist.)
> And if I have
> multiple ports accepted, will any of them be used for the bridge
> connections?
>
> If I set "BridgeAuthoritativeDir" for my Tor server to 1, does this mean
> that I will be recognized by some or all "UseBridges" Tor clients as a
> bridge authority?
Only if they add DirServer lines to their torrc to point to you.
> I understand that "UseBridges" Tor clients will not know
> about all bridge authorities, so what is the cut off for those known and not
> known? Is there a manual list kept somewhere, or must Tor clients
> personally know about bridge authorities they can use?
You might also like
https://www.torproject.org/svn/trunk/doc/spec/proposals/128-bridge-families.txt
which has only sort of been implemented at this point. In fact, it looks
like I haven't even gotten very far at writing the proposal. :)
> I see that the
> controller GETINFO ns/all and GETINFO ns/id/fingerprint commands do not
> return information about bridge authorities, unless I am missing it.
What do you expect it to do?
--Roger
More information about the tor-talk
mailing list